From 4d0e0dcc2ac25a58e53492f7b739888dc006dd81 Mon Sep 17 00:00:00 2001 From: Ryan Date: Sun, 17 Nov 2019 14:02:15 -0600 Subject: [PATCH 1/5] Remove SQL injection --- notification_service.php | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/notification_service.php b/notification_service.php index 214c95d..d8e2457 100644 --- a/notification_service.php +++ b/notification_service.php @@ -77,7 +77,7 @@ public function is_notification_forum_enabled($forum_id) } // Query the forum table where forum notification settings are stored - $sql = "SELECT discord_notifications_enabled FROM " . FORUMS_TABLE . " WHERE forum_id = $forum_id"; + $sql = "SELECT discord_notifications_enabled FROM " . FORUMS_TABLE . " WHERE forum_id = " . (int)$forum_id; $result = $this->db->sql_query($sql); $data = $this->db->sql_fetchrow($result); $enabled = $data['discord_notifications_enabled'] == 1 ? true : false; @@ -107,7 +107,7 @@ public function query_forum_name($forum_id) return null; } - $sql = "SELECT forum_name from " . FORUMS_TABLE . " WHERE forum_id = $forum_id"; + $sql = "SELECT forum_name from " . FORUMS_TABLE . " WHERE forum_id = " . (int)$forum_id; $result = $this->db->sql_query($sql); $data = $this->db->sql_fetchrow($result); $name = $data['forum_name']; @@ -127,7 +127,7 @@ public function query_post_subject($post_id) return null; } - $sql = "SELECT post_subject from " . POSTS_TABLE . " WHERE post_id = $post_id"; + $sql = "SELECT post_subject from " . POSTS_TABLE . " WHERE post_id = " (int)$post_id; $result = $this->db->sql_query($sql); $data = $this->db->sql_fetchrow($result); $subject = $data['post_subject']; 
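Review bot: The new `$sql` line in the query_post_subject hunk drops the concatenation operator between the string literal and the cast (`" WHERE post_id = " (int)$post_id;`), which PHP rejects as a parse error, so notification_service.php would fail to load entirely rather than only this query failing. The query_topic_title hunk has the same slip with `(int)$topic_id`, and none of the later patches visible in this series touch either line. Both should follow the form used in the other hunks: `$sql = "SELECT post_subject from " . POSTS_TABLE . " WHERE post_id = " . (int)$post_id;` and `$sql = "SELECT topic_title from " . TOPICS_TABLE . " WHERE topic_id = " . (int)$topic_id;`. Running `php -l notification_service.php` before committing would catch this class of mistake; both function bodies continue outside their hunks.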
@@ -147,7 +147,7 @@ public function query_topic_title($topic_id) return null; } - $sql = "SELECT topic_title from " . TOPICS_TABLE . " WHERE topic_id = $topic_id"; + $sql = "SELECT topic_title from " . TOPICS_TABLE . " WHERE topic_id = " (int)$topic_id; $result = $this->db->sql_query($sql); $data = $this->db->sql_fetchrow($result); $title = $data['topic_title']; @@ -168,6 +168,8 @@ public function query_topic_details($topic_id) return array(); } + $topic_id = intval($topic_id); + $topic_table = TOPICS_TABLE; $forum_table = FORUMS_TABLE; $sql = "SELECT @@ -176,7 +178,7 @@ public function query_topic_details($topic_id) FROM $forum_table f, $topic_table t WHERE - t.forum_id = f.forum_id and t.topic_id = $topic_id"; + t.forum_id = f.forum_id and t.topic_id = ". (int)$topic_id; $result = $this->db->sql_query($sql); $data = $this->db->sql_fetchrow($result); $this->db->sql_freeresult($result); @@ -196,7 +198,9 @@ public function query_user_name($user_id) return null; } - $sql = "SELECT username from " . USERS_TABLE . " WHERE user_id = $user_id"; + $user_id = intval($user_id); + + $sql = "SELECT username from " . USERS_TABLE . " WHERE user_id = " . (int)$user_id; $result = $this->db->sql_query($sql); $data = $this->db->sql_fetchrow($result); $name = $data['username']; From e57d47b97710366ec12d94e3bf8a5e4844619f66 Mon Sep 17 00:00:00 2001 From: Ryan Date: Sun, 17 Nov 2019 14:07:53 -0600 Subject: [PATCH 2/5] Remove JSON injection vulnurability --- notification_service.php | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/notification_service.php b/notification_service.php index d8e2457..9aec541 100644 --- a/notification_service.php +++ b/notification_service.php 
@@ -315,20 +315,22 @@ private function execute_discord_webhook($discord_webhook_url, $color, $message, } // Place the message inside the JSON structure that Discord expects to receive at the REST endpoint. - $post = ''; + $json = array("embeds"=>array( + "color"=>$color, + "description"=>$message + ) + ); + if (isset($footer)) { - $post = sprintf('{"embeds": [{"color": "%d", "description" : "%s", "footer": {"text": "%s"}}]}', $color, $message, $footer); - } - else { - $post = sprintf('{"embeds": [{"color": "%d", "description" : "%s"}]}', $color, $message); + $json["embeds"]["footer"] = array("text"=>$footer); } // Use the CURL library to transmit the message via a POST operation to the webhook URL. $h = curl_init(); curl_setopt($h, CURLOPT_URL, $discord_webhook_url); curl_setopt($h, CURLOPT_POST, 1); - curl_setopt($h, CURLOPT_POSTFIELDS, $post); + curl_setopt($h, CURLOPT_POSTFIELDS, json_encode($json)); $response = curl_exec($h); curl_close($h); From 83f1b21137bfefe1ce7e6fedd4a6f52914a9c168 Mon Sep 17 00:00:00 2001 From: Ryan Date: Sun, 17 Nov 2019 14:11:55 -0600 Subject: [PATCH 3/5] Leftover cleanup --- notification_service.php | 2 -- 1 file changed, 2 deletions(-) diff --git a/notification_service.php b/notification_service.php index 9aec541..7e21352 100644 --- a/notification_service.php +++ b/notification_service.php @@ -168,8 +168,6 @@ public function query_topic_details($topic_id) return array(); } - $topic_id = intval($topic_id); - $topic_table = TOPICS_TABLE; $forum_table = FORUMS_TABLE; $sql = "SELECT From 3d6fe61ad4e41b44445b408a78da5cbf88213c96 Mon Sep 17 00:00:00 2001 From: Ryan Date: Sun, 17 Nov 2019 14:12:30 -0600 Subject: [PATCH 4/5] More leftover cleanup --- notification_service.php | 2 -- 1 file changed, 2 deletions(-) diff --git a/notification_service.php b/notification_service.php index 7e21352..6815f82 100644 --- a/notification_service.php +++ b/notification_service.php 
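Review bot: The rebuilt payload changes the shape of `embeds`: the removed sprintf templates sent it as a JSON list holding one embed object (`[{...}]`), whereas `array("embeds"=>array("color"=>$color, "description"=>$message))` encodes to a single object, and the footer is then attached to that same object. Discord's webhook endpoint documents `embeds` as an array of embed objects, so this body is likely to be rejected and the notification lost, which trades the injection fix for a functional regression. Wrap the embed in a list, `$json = array("embeds" => array(array("color" => $color, "description" => $message)));`, and set the footer with `$json["embeds"][0]["footer"] = array("text" => $footer);`. `json_encode()` also returns false when `$message` or `$footer` contains malformed UTF-8, so its result is worth checking before it is passed to `CURLOPT_POSTFIELDS`. execute_discord_webhook starts and ends outside the hunk.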
@@ -196,8 +196,6 @@ public function query_user_name($user_id) return null; } - $user_id = intval($user_id); - $sql = "SELECT username from " . USERS_TABLE . " WHERE user_id = " . (int)$user_id; $result = $this->db->sql_query($sql); $data = $this->db->sql_fetchrow($result); From 30b3a8c91b269790a62c9bd070c7c7fac22c01b5 Mon Sep 17 00:00:00 2001 From: Ryan Gooler Date: Mon, 18 Nov 2019 14:48:09 -0600 Subject: [PATCH 5/5] Update composer.json --- composer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/composer.json b/composer.json index 3a3c782..8048f5a 100644 --- a/composer.json +++ b/composer.json @@ -21,7 +21,7 @@ "extra": { "display-name": "Discord Notifications", "soft-require": { - "phpbb/phpbb": ">=3.1.4,<3.2.0@dev" + "phpbb/phpbb": ">=3.1.4" } }, "require-dev": {